-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Integration Camel-K 1.6.2 release and security update
Advisory ID:       RHSA-2021:5130-01
Product:           Red Hat Integration
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:5130
Issue date:        2021-12-14
Cross references:  RHBA-2021:85820-01
CVE Names:         CVE-2021-44228 
====================================================================
1. Summary:

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat
Integration Camel K that includes bug fixes. The purpose of this text-only
errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat
Camel K that includes bug fixes and enhancements, which are documented in
the Release Notes document linked to in the References.

Security Fix(es):

* log4j-core: Remote code execution in Log4j 2.x when logs contain an
attacker-controlled string value (CVE-2021-44228)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

5. References:

https://access.redhat.com/security/cve/CVE-2021-44228
https://access.redhat.com/security/updates/classification/#critical
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q4
https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYbj059zjgjWX9erEAQhalQ/+PuVXRzieQeQiZctS/tYZkXltWfWNejfX
cTIKOrb0MRm93A4QijoR7qm10HNGD+KDKh4bLL4oYDiR9GXifeUtY8I1I2J+vUHO
iWETsLMyj4byqe9Z94801OmbSgWDrWNnrCO8hnYaCHlKvQyoeNCL3GubwjKrN6kP
rVJyPLmnh+4U1/RgkjC1UzN+DiG931aSzTzgpodHpVNFVrPQe/f46LyVZTOlES0o
O2xY8u0zha5UvuceNqMVomMTt8ARqPY761ix+Kfyn5UF3WqzLfM4DIv4qbqhxbIy
8jGNd6cRZ6snVetxnoUqrOtYw/N/wD5H9N33uWuhzlwHHGcwYADey/ALfJCTxgvO
MjfdKSrv1XAB8CRR5cf6WRZyU4fb11ZsQPjoYVnL2rOANdLja0D6v4h6MgItnHTD
fbzKLkOg5DemZRLC0c0+XdoV9r/XAWxpBc4P+62ViTFQwUEnPaTc1I2WZN7G7PvG
kcbBhaeo1pkcJTci6ovey2dolQYx7+YjIKuA/gYQ1JECtP7lVmYSWmqPNMxCd9QE
NRK/0yoN7LyJCxpzTvxvv2dpUbURZ6Vp/GsisMU+VnHl44BepGo3kGOlpcl0mf7o
bTJ6SOg0OziTvwVXpfG+2sHBEjJqTiZd34wlMTQZJoWdwyKw08KNSUcmZK1sc3gV
Dn4mcHyBPHc=iWEy
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-5130:02 Critical: Red Hat Integration Camel-K 1.6.2

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Integration Camel K that includes bug fixes

Summary

A minor version update (from 1.6.1 to 1.6.2) is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2021-44228 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2021-Q4 https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q4 https://access.redhat.com/security/vulnerabilities/RHSB-2021-009

Package List


Severity
Advisory ID: RHSA-2021:5130-01
Product: Red Hat Integration
Advisory URL: https://access.redhat.com/errata/RHSA-2021:5130
Issued Date: : 2021-12-14
Cross references: RHBA-2021:85820-01
CVE Names: CVE-2021-44228

Topic

A minor version update (from 1.6.1 to 1.6.2) is now available for Red HatIntegration Camel K that includes bug fixes. The purpose of this text-onlyerrata is to inform you about the security issues fixed in this release.Red Hat Product Security has rated this update as having a security impactof Critical. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures


Bugs Fixed

2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value


Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved